________________________________ >From: Michael Rogers <mich...@briarproject.org> >To: liberationtech <liberationtech@lists.stanford.edu> >Sent: Tuesday, June 11, 2013 10:45 AM >Subject: Re: [liberationtech] Building a encrypted mobile network >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 >>Hi Anthony, >On 08/06/13 13:36, Anthony Papillion wrote: >> 1. Location is a particularly thorny issue. Presentations at either >> HOPE or BlackHat demonstrated how easy it is to locate a mobile >> even if you're not the government with a massive budget and mad >> technology. >> >> Perhaps routing the network connection through Tor may suffice? But >> I don't think so as something doesn't 'feel' right about that. >> Thoughts? >Routing the call through Tor wouldn't conceal the phone's location >from the mobile network. The caller and callee would both have to use >cell towers to reach the Tor network, so their respective mobile >networks would still know their locations, and any hacks that can >currently be used to trick the mobile network into revealing a phone's >location would still work. >In theory you could conceal who calls whom from the mobile network by >routing the call through Tor. However, in order to be able to receive >calls, the callee would either have to maintain a constant connection >to Tor (draining her battery and data allowance) or ask some third >party with a constant connection to Tor to send her push notifications >of incoming calls, which she could then answer by connecting to Tor. >The third party would know when the callee was receiving incoming >calls, though not necessarily from whom. >Even this would reveal quite a lot of information to the mobile >network. Alice starts sending data at 12:34:56. Bob receives a push >notification at 12:34:57. Bob starts sending data at 12:34:58. Alice >and Bob both stop sending data at 12:44:58. The inference is pretty >clear: Alice called Bob at 12:34 and the call lasted ten minutes. >Concealing these patterns would require users to send and receive >dummy data even when they weren't sending or receiving calls, which >would drain their batteries and data allowances. It would be possible >to build such a system, but I don't think anyone would use it. I don't think it's out of the realm of possibility that somebody would have a device running orbot with a (non-exit) relay that sits at home, plugged in, running over wifi. Or, some small plug computer with a headset hookup that functions the same. Or on their main machine that just runs all the time. All that's needed then is a mechanism to leave a text message when the other person isn't at home (Torchat, maybe Bitmessage, etc.). It's reinventing old technology: the landline and the answering machine. But users would avoid the new surveillance problems with metadata leaking. Whoever is planning the "Restore the Fourth Amendment" project would certainly make use of such a system if it existed and was usable. -Jonathan
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
